Introduction

I decided to write this article about hardware breakpoints for the following reasons:

Visual C++ only supports write-only data breakpoints. You might want to trigger a break when data is read as well.

You might not be using Visual C++, so chances are that your debugger uses some slow software-based mechanism.

You might want to set/remove a breakpoint programmatically.

You may be interested in low level CPU stuff!

Features

Works for x86 and x64.

Supports upto 4 hardware breakpoints per thread.

Debug Registers

x86/x64 contains a set of debug registers, named DR0, DR1, DR2, DR3, DR6, and DR7. These registers are 32-bit when in 32-bit mode, and 64-bit when in long mode. DR0, DR1, DR2, and DR3 contain the linear addresses of the breakpoint, and DR7 contains the bits explained here:

Bits

Meaning

0-7

Flags for each of the 4 debug registers (2 for each). The first flag is set to specify a local breakpoint (so the CPU resets the flag when switching tasks), and the second flag is set to specify a global breakpoint. In Windows, obviously, you can only use the first flag (although I haven't tried the second).

16-23

2 bits for each register, defining when the breakpoint will be triggered:

00b - Triggers when code is executed

01b - Triggers when data is written

10b - Reserved

11b - Triggers when data is read or written

24-31

2 bits for each register, defining the size of the breakpoint:

00b - 1 byte

01b - 2 bytes

10b - 8 bytes

11b - 4 bytes

We use SetThreadContext to set the necessary flags for the thread. After that, when the breakpoint is triggered, an exception of the value EXCEPTION_SINGLE_STEP is raised.

Suppose that the process is already running in a debugger with limited memory breakpoints as you suggest - and that you don't know the address you'd want to break on until the process is running, but that you can determine it from that debugger. Then it would be useful to fire up a quick (command line) app which would allow you to set a memory breakpoint but let your debugger handle it.